Filtering IPSec traffic ?
VANHULLEBUS Yvan
vanhu_bsd at zeninc.net
Tue Oct 25 02:57:49 PDT 2005
Hi all.
When setting up IPSec gates with traffic filtering (using pf, of
course), I didn't find any solution / informations about how to filter
IPSec traffic, except when using gif interfaces.
On OpenBSD, it looks like all IPSec traffic comes from enc0, on
Linux/Netfilter, they have for example the --mode tunnel to ensure the
current packet comes from an IPSec tunnel, but how can I set up a
filtering rule on FreeBSD, with pf, which specifies that a packet can
only match if it was encapsulated ?
Yvan.
More information about the freebsd-pf
mailing list